diff --git a/doc/api/https.markdown b/doc/api/https.markdown index e2c9862a090..943395a5569 100644 --- a/doc/api/https.markdown +++ b/doc/api/https.markdown @@ -119,7 +119,7 @@ The following options from [tls.connect()][] can also be specified. However, a - `rejectUnauthorized`: If `true`, the server certificate is verified against the list of supplied CAs. An `'error'` event is emitted if verification fails. Verification happens at the connection level, *before* the HTTP - request is sent. Default `false`. + request is sent. Default `true`. In order to specify these options, use a custom `Agent`. diff --git a/doc/api/tls.markdown b/doc/api/tls.markdown index 44a70c0c965..4d8b7f1dae7 100644 --- a/doc/api/tls.markdown +++ b/doc/api/tls.markdown @@ -240,7 +240,7 @@ Creates a new client connection to the given `port` and `host` (old API) or - `rejectUnauthorized`: If `true`, the server certificate is verified against the list of supplied CAs. An `'error'` event is emitted if verification - fails. Default: `false`. + fails. Default: `true`. - `NPNProtocols`: An array of string or `Buffer` containing supported NPN protocols. `Buffer` should have following format: `0x05hello0x05world`, diff --git a/lib/https.js b/lib/https.js index a243b2bc2e8..bc4e8eeea0e 100644 --- a/lib/https.js +++ b/lib/https.js @@ -21,6 +21,7 @@ var tls = require('tls'); var http = require('http'); +var util = require('util'); var url = require('url'); var inherits = require('util').inherits; 
@@ -97,11 +98,25 @@ exports.request = function(options, cb) { throw new Error('Protocol:' + options.protocol + ' not supported.'); } - if (options.agent === undefined) { - options.agent = globalAgent; + options = util._extend({ + createConnection: createConnection, + defaultPort: 443 + }, options); + + if (typeof options.agent === 'undefined') { + if (typeof options.ca === 'undefined' && + typeof options.cert === 'undefined' && + typeof options.ciphers === 'undefined' && + typeof options.key === 'undefined' && + typeof options.passphrase === 'undefined' && + typeof options.pfx === 'undefined' && + typeof options.rejectUnauthorized === 'undefined') { + options.agent = globalAgent; + } else { + options.agent = new Agent(options); + } } - options.createConnection = createConnection; - options.defaultPort = options.defaultPort || 443; + return new http.ClientRequest(options, cb); }; diff --git a/lib/tls.js b/lib/tls.js index 43411c0fc3b..dc327878252 100644 --- a/lib/tls.js +++ b/lib/tls.js @@ -1272,6 +1272,11 @@ exports.connect = function(/* [port, host], options, cb */) { var options = args[0]; var cb = args[1]; + var defaults = { + rejectUnauthorized: '0' !== process.env.NODE_TLS_REJECT_UNAUTHORIZED + }; + options = util._extend(defaults, options || {}); + var socket = options.socket ? options.socket : new net.Stream(); var sslcontext = crypto.createCredentials(options); diff --git a/test/fixtures/GH-892-request.js b/test/fixtures/GH-892-request.js index a43398e9840..db8186bfc00 100644 --- a/test/fixtures/GH-892-request.js +++ b/test/fixtures/GH-892-request.js @@ -19,7 +19,10 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. -// Called by test/simple/test-regress-GH-892.js +// Called by test/pummel/test-regress-GH-892.js + +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; var https = require('https'); var fs = require('fs'); 
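Review bot: In `exports.request`, `util._extend({createConnection: createConnection, defaultPort: 443}, options)` reverses the old precedence: a `createConnection` key on the caller's object now replaces the module's TLS connection factory, and a `defaultPort` key that is present but falsy replaces 443 (assuming `util._extend` copies every own key, which this diff does not show), whereas the removed lines forced the first and applied `|| 443` to the second. If callers are not meant to swap the connection factory on an HTTPS request, copy first and assign afterwards: `options = util._extend({}, options);` then `options.createConnection = createConnection;` and `options.defaultPort = options.defaultPort || 443;`. The `else` branch also builds `new Agent(options)` for every request that sets any of the seven listed TLS options, so such requests share no socket pool; a one-line comment stating that this is deliberate would help the next reader. The function's first lines are outside the hunk.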
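Review bot: The merge `options = util._extend(defaults, options || {})` lets a `rejectUnauthorized` key that is present but `undefined` or `null` overwrite the new `true` default, assuming `util._extend` copies every own key of its second argument (its definition is not in this diff); a caller that forwards an unset config value, e.g. the constructed `tls.connect({port: p, rejectUnauthorized: cfg.strict})`, would then connect without certificate verification. Normalising after the copy keeps the default fail-closed: `options = util._extend({}, options || {});` followed by `if (options.rejectUnauthorized == null) options.rejectUnauthorized = '0' !== process.env.NODE_TLS_REJECT_UNAUTHORIZED;`. The environment variable turns verification off for every `tls.connect` call that does not set `rejectUnauthorized` itself, yet neither documentation hunk in this diff mentions it, so a comment above `defaults` such as `// NODE_TLS_REJECT_UNAUTHORIZED=0 disables server certificate verification process-wide` and a matching line in doc/api/tls.markdown would make the switch visible to reviewers and auditors. The body of `exports.connect` starts and ends outside the hunk.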
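Review bot: Setting `process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'` at the top of test/fixtures/GH-892-request.js turns server-certificate verification off for the whole process, and the same two lines are added to most other test files in this diff (for example test/pummel/test-https-large-response.js, test/simple/test-https-agent.js and test/simple/test-tls-pause.js), so none of those tests exercises the new `rejectUnauthorized: true` default. Where the client can load the server's fixture certificate, passing `ca: [...]` as test/simple/test-https-client-reject.js does with `test_cert.pem`, or otherwise `rejectUnauthorized: false` on the one connection, keeps the opt-out scoped to that connection instead of the process. In test/simple/test-regress-GH-1531.js the assignment is placed after `require('https')`, unlike the other files; it still takes effect because lib/tls.js reads the variable inside `exports.connect`, but moving it to the top would keep the files consistent.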
diff --git a/test/pummel/test-https-large-response.js b/test/pummel/test-https-large-response.js index e5382c45dbc..23a836081c0 100644 --- a/test/pummel/test-https-large-response.js +++ b/test/pummel/test-https-large-response.js @@ -19,8 +19,8 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. - - +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; var common = require('../common'); var assert = require('assert'); diff --git a/test/pummel/test-tls-throttle.js b/test/pummel/test-tls-throttle.js index fcbc8c74bd9..cfe7d737f9d 100644 --- a/test/pummel/test-tls-throttle.js +++ b/test/pummel/test-tls-throttle.js @@ -19,11 +19,12 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. - - - // Server sends a large string. Client counts bytes and pauses every few // seconds. Makes sure that pause and resume work properly. + +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-http-host-headers.js b/test/simple/test-http-host-headers.js index 2e92ae577d0..a0c4abf6c6d 100644 --- a/test/simple/test-http-host-headers.js +++ b/test/simple/test-http-host-headers.js @@ -19,8 +19,8 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. - - +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; var http = require('http'), https = require('https'), diff --git a/test/simple/test-http-url.parse-https.request.js b/test/simple/test-http-url.parse-https.request.js index 6756db54873..9e42cbdd460 100644 --- a/test/simple/test-http-url.parse-https.request.js 
+++ b/test/simple/test-http-url.parse-https.request.js @@ -19,6 +19,9 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var https = require('https'); diff --git a/test/simple/test-https-agent.js b/test/simple/test-https-agent.js index 41aa034862e..ded7f4dd4ba 100644 --- a/test/simple/test-https-agent.js +++ b/test/simple/test-https-agent.js @@ -27,6 +27,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var https = require('https'); diff --git a/test/simple/test-https-client-get-url.js b/test/simple/test-https-client-get-url.js index c6ddb032d0f..ae5613c1434 100644 --- a/test/simple/test-https-client-get-url.js +++ b/test/simple/test-https-client-get-url.js @@ -24,6 +24,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var https = require('https'); diff --git a/test/simple/test-https-client-reject.js b/test/simple/test-https-client-reject.js index 700caee68ad..45788a8c891 100644 --- a/test/simple/test-https-client-reject.js +++ b/test/simple/test-https-client-reject.js 
@@ -47,21 +47,21 @@ var server = https.createServer(options, function(req, res) { function unauthorized() { var req = https.request({ - port: common.PORT + port: common.PORT, + rejectUnauthorized: false }, function(res) { assert(!req.socket.authorized); rejectUnauthorized(); }); req.on('error', function(err) { - assert(false); + throw err; }); req.end(); } function rejectUnauthorized() { var options = { - port: common.PORT, - rejectUnauthorized: true + port: common.PORT }; options.agent = new https.Agent(options); var req = https.request(options, function(res) { @@ -76,7 +76,6 @@ function rejectUnauthorized() { function authorized() { var options = { port: common.PORT, - rejectUnauthorized: true, ca: [fs.readFileSync(path.join(common.fixturesDir, 'test_cert.pem'))] }; options.agent = new https.Agent(options); diff --git a/test/simple/test-https-drain.js b/test/simple/test-https-drain.js index 314944b768f..04a6bb2be19 100644 --- a/test/simple/test-https-drain.js +++ b/test/simple/test-https-drain.js @@ -24,6 +24,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var https = require('https'); diff --git a/test/simple/test-https-eof-for-eom.js b/test/simple/test-https-eof-for-eom.js index d5b5111c2bf..c8552999182 100644 --- a/test/simple/test-https-eof-for-eom.js +++ b/test/simple/test-https-eof-for-eom.js @@ -34,6 +34,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-https-localaddress.js b/test/simple/test-https-localaddress.js index b171225be7a..26386c44cc8 100644 --- a/test/simple/test-https-localaddress.js 
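Review bot: With `rejectUnauthorized: true` removed from the options in `rejectUnauthorized()`, that case now depends on the ambient default, so if the test is run with `NODE_TLS_REJECT_UNAUTHORIZED=0` already exported in the environment the rejection it expects would presumably not happen. Adding `delete process.env.NODE_TLS_REJECT_UNAUTHORIZED;` before the first request would make the file independent of the caller's environment; the same applies to the matching hunks in test/simple/test-tls-client-reject.js. A short comment on `rejectUnauthorized()` such as `// relies on the default rejectUnauthorized: true` would also record why the option is no longer passed. `rejectUnauthorized()` continues past the end of the first hunk.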
+++ b/test/simple/test-https-localaddress.js @@ -19,6 +19,9 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var https = require('https'), fs = require('fs'), diff --git a/test/simple/test-https-pfx.js b/test/simple/test-https-pfx.js index bfed64afd64..3d84aa5fedb 100644 --- a/test/simple/test-https-pfx.js +++ b/test/simple/test-https-pfx.js @@ -19,6 +19,9 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var https = require('https'); diff --git a/test/simple/test-https-socket-options.js b/test/simple/test-https-socket-options.js index f0216647ba4..8aa1da8fc5c 100644 --- a/test/simple/test-https-socket-options.js +++ b/test/simple/test-https-socket-options.js @@ -27,6 +27,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); diff --git a/test/simple/test-https-strict.js b/test/simple/test-https-strict.js index e62c0d51a74..43febc8e13f 100644 --- a/test/simple/test-https-strict.js +++ b/test/simple/test-https-strict.js @@ -24,6 +24,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); diff --git a/test/simple/test-https-timeout.js b/test/simple/test-https-timeout.js index 8a8ae00c3ce..fc32fb9ebf1 100644 
--- a/test/simple/test-https-timeout.js +++ b/test/simple/test-https-timeout.js @@ -24,6 +24,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var fs = require('fs'); diff --git a/test/simple/test-regress-GH-1531.js b/test/simple/test-regress-GH-1531.js index 58086e0879c..8d5f8b826b1 100644 --- a/test/simple/test-regress-GH-1531.js +++ b/test/simple/test-regress-GH-1531.js @@ -27,6 +27,9 @@ if (!process.versions.openssl) { var https = require('https'); var assert = require('assert'); var fs = require('fs'); +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var options = { diff --git a/test/simple/test-tls-client-reject.js b/test/simple/test-tls-client-reject.js index 5f5056e33e4..410096fc154 100644 --- a/test/simple/test-tls-client-reject.js +++ b/test/simple/test-tls-client-reject.js @@ -48,7 +48,10 @@ var server = tls.createServer(options, function(socket) { }); function unauthorized() { - var socket = tls.connect(common.PORT, function() { + var socket = tls.connect({ + port: common.PORT, + rejectUnauthorized: false + }, function() { assert(!socket.authorized); socket.end(); rejectUnauthorized(); @@ -60,9 +63,7 @@ function unauthorized() { } function rejectUnauthorized() { - var socket = tls.connect(common.PORT, { - rejectUnauthorized: true - }, function() { + var socket = tls.connect(common.PORT, function() { assert(false); }); socket.on('error', function(err) { @@ -74,7 +75,6 @@ function rejectUnauthorized() { function authorized() { var socket = tls.connect(common.PORT, { - rejectUnauthorized: true, ca: [fs.readFileSync(path.join(common.fixturesDir, 'test_cert.pem'))] }, function() { assert(socket.authorized); 
diff --git a/test/simple/test-tls-client-resume.js b/test/simple/test-tls-client-resume.js index 9fc84da3e11..5af6c7935be 100644 --- a/test/simple/test-tls-client-resume.js +++ b/test/simple/test-tls-client-resume.js @@ -28,6 +28,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-tls-client-verify.js b/test/simple/test-tls-client-verify.js index 9b1083f064f..f071e3407cd 100644 --- a/test/simple/test-tls-client-verify.js +++ b/test/simple/test-tls-client-verify.js @@ -59,6 +59,9 @@ var testCases = ]; +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var fs = require('fs'); diff --git a/test/simple/test-tls-connect-given-socket.js b/test/simple/test-tls-connect-given-socket.js index e341dfc82d5..262966b56a4 100644 --- a/test/simple/test-tls-connect-given-socket.js +++ b/test/simple/test-tls-connect-given-socket.js @@ -19,6 +19,9 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-tls-connect-simple.js b/test/simple/test-tls-connect-simple.js index 6c07f4cb023..b1c68a4a89f 100644 --- a/test/simple/test-tls-connect-simple.js +++ b/test/simple/test-tls-connect-simple.js 
@@ -19,6 +19,9 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-tls-getcipher.js b/test/simple/test-tls-getcipher.js index 2f8c290b73a..d101ad84410 100644 --- a/test/simple/test-tls-getcipher.js +++ b/test/simple/test-tls-getcipher.js @@ -19,6 +19,9 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-tls-honorcipherorder.js b/test/simple/test-tls-honorcipherorder.js index cc2584390a9..fbbfb64a13f 100644 --- a/test/simple/test-tls-honorcipherorder.js +++ b/test/simple/test-tls-honorcipherorder.js @@ -19,6 +19,9 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-tls-npn-server-client.js b/test/simple/test-tls-npn-server-client.js index cf8014a50b0..09c5c4b1317 100644 --- a/test/simple/test-tls-npn-server-client.js +++ b/test/simple/test-tls-npn-server-client.js @@ -25,6 +25,9 @@ if (!process.features.tls_npn) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'), assert = require('assert'), fs = require('fs'), 
diff --git a/test/simple/test-tls-over-http-tunnel.js b/test/simple/test-tls-over-http-tunnel.js index 4a5e22140d2..2cae29d42e1 100644 --- a/test/simple/test-tls-over-http-tunnel.js +++ b/test/simple/test-tls-over-http-tunnel.js @@ -27,6 +27,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); diff --git a/test/simple/test-tls-passphrase.js b/test/simple/test-tls-passphrase.js index e3c0f2a849c..983af863a0e 100644 --- a/test/simple/test-tls-passphrase.js +++ b/test/simple/test-tls-passphrase.js @@ -24,6 +24,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-tls-pause-close.js b/test/simple/test-tls-pause-close.js index a53d017a138..26e267d86a1 100644 --- a/test/simple/test-tls-pause-close.js +++ b/test/simple/test-tls-pause-close.js @@ -24,6 +24,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-tls-pause.js b/test/simple/test-tls-pause.js index 9ca3dfb2bd9..11cfb3a4fae 100644 --- a/test/simple/test-tls-pause.js +++ b/test/simple/test-tls-pause.js @@ -24,6 +24,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); 
diff --git a/test/simple/test-tls-peer-certificate-multi-keys.js b/test/simple/test-tls-peer-certificate-multi-keys.js index 070b5287621..e967b495560 100644 --- a/test/simple/test-tls-peer-certificate-multi-keys.js +++ b/test/simple/test-tls-peer-certificate-multi-keys.js @@ -24,6 +24,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-tls-peer-certificate.js b/test/simple/test-tls-peer-certificate.js index ea3245a562f..abe1291389d 100644 --- a/test/simple/test-tls-peer-certificate.js +++ b/test/simple/test-tls-peer-certificate.js @@ -24,6 +24,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-tls-remote.js b/test/simple/test-tls-remote.js index 9aa51ab416f..3753ab7460d 100644 --- a/test/simple/test-tls-remote.js +++ b/test/simple/test-tls-remote.js @@ -24,6 +24,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-tls-request-timeout.js b/test/simple/test-tls-request-timeout.js index c44ecef3fa9..d9fd5e72edc 100644 --- a/test/simple/test-tls-request-timeout.js +++ b/test/simple/test-tls-request-timeout.js 
@@ -19,6 +19,9 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-tls-set-encoding.js b/test/simple/test-tls-set-encoding.js index 8850a677e0c..a404a361086 100644 --- a/test/simple/test-tls-set-encoding.js +++ b/test/simple/test-tls-set-encoding.js @@ -19,6 +19,9 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-tls-sni-server-client.js b/test/simple/test-tls-sni-server-client.js index 093d0fd1154..2af06be2657 100644 --- a/test/simple/test-tls-sni-server-client.js +++ b/test/simple/test-tls-sni-server-client.js @@ -28,6 +28,9 @@ if (!process.features.tls_sni) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'), assert = require('assert'), fs = require('fs'),